Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

feat: add docs for fuzzing #181

Open
wants to merge 2 commits into
base: main
Choose a base branch
from

Conversation

adithyaakrishna
Copy link
Contributor

Description:

Signed-off-by: Adithya Krishna <aadithya794@gmail.com>
Signed-off-by: Adithya Krishna <aadithya794@gmail.com>
Copy link
Collaborator

alabulei1 commented Oct 27, 2023

Hello, I am a code review bot on flows.network. Here are my reviews of code commits in this PR.


Overall, the pull request adds introductory information and prerequisites for fuzzing, as well as detailed steps on how to perform fuzz testing using AFL. It also includes best practices and references for more information on fuzzing. However, there are a few potential problems, such as not addressing specific issues or bugs related to fuzzing, lacking instructions on how to perform fuzz tests on WasmEdge applications, and not including specific details and examples. The patch also does not include any test cases or examples of fuzzing in action. Additionally, there is a missing newline at the end of the new document, and it's unclear if the changes made in the second file were intentional or not. A more descriptive commit message would also be helpful. Despite these issues, overall, the changes made in the pull request are valuable additions to the project and provide comprehensive documentation on fuzz testing.

Details

Commit 66da00d53dc87a4628c7009abfe5533b085107e1

Key changes:

  • Added a brief introduction to fuzzing.
  • Added a section on prerequisites for running fuzz tests on WasmEdge applications.

Potential problems:

  • The patch does not address any specific issues or bugs related to fuzzing. It only adds introductory information and prerequisites for fuzzing.
  • The patch does not provide any instructions or guidance on how to actually perform fuzz tests on WasmEdge applications.
  • It would be helpful to include more specific details and examples in the guide to make it more practical and actionable for contributors.
  • It is unclear why the "Work in Progress" comment was removed. If the guide is still in progress, it should be mentioned in the patch or updated accordingly.
  • The patch does not include any test cases or examples of fuzzing in action, which would be valuable for readers.

Commit 77358964a6a649aabbb3e1a8cda297e12cde8266

Key changes:

  • Added a new document for fuzzing in the docs/contribute/ directory.
  • Added detailed steps on how to perform fuzz testing using AFL (American Fuzzy Lop) as the fuzzing tool.
  • Included best practices for fuzz testing.
  • Added further references for more information on fuzzing.

Potential problems found:

  • The new document does not have a newline at the end of the file. This should be fixed to maintain consistency.
  • The patch modifies two files, but it's not clear if the changes made in the second file were intentional or if there is a duplicate file modified in error. This should be clarified with the author of the pull request.
  • The first line of the commit message includes "feat: add docs for fuzzing," which follows common conventions. However, it would be helpful to provide a more descriptive commit message that explains the purpose and context of the changes made.

Overall, the pull request includes comprehensive documentation on how to perform fuzz testing for WasmEdge applications and incorporates best practices. There are a few minor issues that can be addressed, but the changes themselves are valuable additions to the project.

@alabulei1
Copy link
Collaborator

Hi, @adithyaakrishna

We ae using Google/OSS-Fuzz, can you use this in your docs? https://github.com/google/oss-fuzz/tree/master/projects/wasmedge

:::

### Further References
Copy link
Collaborator

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Don't need this one. Thanks.

Fuzzing is an effective way to discover vulnerabilities and bugs that might not be apparent through conventional testing methods. By following this guide, you can set up a robust fuzzing workflow for your WasmEdge applications, thereby enhancing their security and reliability.

:::note
If you need a Wasm specific fuzzer, this https://github.com/wasmerio/wasm-fuzz/ can give more infomation and details pertaining to your use cases
Copy link
Collaborator

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Don't need this one. Thanks.

@alabulei1
Copy link
Collaborator

Hi, @adithyaakrishna

We ae using Google/OSS-Fuzz, can you use this in your docs? https://github.com/google/oss-fuzz/tree/master/projects/wasmedge

And could you please check out this one?

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Labels
None yet
Projects
None yet
Development

Successfully merging this pull request may close these issues.

None yet

2 participants